GHSA-X2QX-6953-8485 GitPython: Unsafe option check validates multi_options before shlex.split transformation

Summary clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but after split becomes "--branch", "main", "--config", "core.hooksPath=/x". Git applies the...

CVE-2026-6951

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...

CVE-2026-6951

CVE-2026-6951 affects the Node.js package “simple-git.” The vulnerability lies in versions before 3.36.0, due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input reaches the options argument, an attacker could achieve remote c...

CVE-2026-6951

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...

PT-2026-35132

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...

Linux Distros Unpatched Vulnerability : CVE-2022-50812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - security: Restrict CONFIGZEROCALLUSEDREGS to gcc or clang 15.0.6 A bad bug in clang's implementation of -fzero-call-used-regs can result in NULL pointer...

CLSA-2025-1749743573 git: Fix of CVE-2025-52005

CVE-2025-52005: add sideband.allowControlCharacters config which gives a possibility to avoid control characters in sideband...

CVE-2025-21933 arm: pgtable: fix NULL pointer dereference issue

In the Linux kernel, the following vulnerability has been resolved: arm: pgtable: fix NULL pointer dereference issue When updatemmucacherange is called by updatemmucache, the vmf parameter is NULL, which will cause a NULL pointer dereference issue in adjustpte: Unable to handle kernel NULL pointe...

DEBIAN-CVE-2024-42094

In the Linux kernel, the following vulnerability has been resolved: net/iucv: Avoid explicit cpumask var allocation on stack For CONFIGCPUMASKOFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code...

CVE-2024-26706

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different...

CVE-2023-1194

An out-of-bounds OOB memory read flaw was found in parseleasestate in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parseleasestate...

CVE-2023-1193

A use-after-free flaw was found in setupasyncwork in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work...

Zephyr Security Breach

Zephyr is an extensible real-time operating system RTOS open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr 3.4.0 and earlier versions, which stems from the fact that when built with CONFIGCANAUTOBUSOFFRECOVERY=y, the backend of the SJA1000 CAN controller driver...

SUSE CVE-2017-7309

A cross-site scripting XSS vulnerability in the MantisBT Configuration Report page admconfigreport.php allows remote attackers to inject arbitrary code if CSP settings permit it through a crafted 'configoption' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the configoption parameter in admconfigreport.php. An attacker can inject arbitrary web script or HTML by crafting a malicious 'configoption' parameter. Details...

PT-2021-3701 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.14 Description: The issue is related to the mishandling of Signature Verification in the Linux kernel. This could allow an attacker to impact the confidentiality, integrity, and availability of protected...

DEBIAN-CVE-2018-19854

An issue was discovered in the Linux kernel before 4.19.3. cryptoreportone and related functions in crypto/cryptouser.c the crypto user configuration API do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a...

cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services

Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service DoS attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack...

kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity

The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIGNLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAPNETADMIN...

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.19.7 - Bluetooth: Properly check L2CAP config option output buffer length Ben Seri Orabug: 26796364 CVE-2017-1000251 3.8.13-118.19.6 - xen: fix bio vec merging Roger Pau Monne Orabug: 26645550 CVE-2017-12134 3.8.13-118.19.5 - fs/exec.c: account for argv/envp pointers Kees Co...